CrowdStrike and AWS have launched a new service aimed at reducing the friction and complexity of cloud security incident response. The offering, CrowdStrike Falcon for AWS Security Incident Response, allows AWS customers to activate CrowdStrike’s threat detection and remediation tools directly within their AWS environment.
I spoke with Daniel Bernard, chief business officer at CrowdStrike, and Hart Rossman, director of security incident response at AWS, about this announcement. They framed it with a very simple premise: if an organization faces a security incident, help is just a click away.
“How cool is it that in the AWS console in the Security Center, you can click a button and have a cyber expert at your beck and call?” said Bernard, chief business officer at CrowdStrike. “You might not even be a CrowdStrike customer yet. One click, and you’re in a whole different, better place on security.”
Fast Response, Native Integration
AWS customers can spin up Falcon for AWS Security Incident Response on demand, even in the middle of an incident, and get immediate access to endpoint protection, threat intel, and identity security services.
According to the press release Falcon for AWS Security Incident Response dramatically improves the ability to stop breaches. “Organizations detect 96% more threats in half the time and investigate incidents 66% faster.”
“It’s about helping customers at the point of need,” shared Rossman. “Time to response and remediation is really the goal here—to get customers from a bump in the night to ‘everything’s all right’ in as few clicks as possible.”
That speed and simplicity are critical in today’s threat environment, where the time between detection and damage can be measured in minutes.
Not Just for Emergencies
While the service shines in moments of crisis, both AWS and CrowdStrike say it’s designed for day-to-day use as well. By continuously assessing posture and enabling always-on protection, Falcon for AWS Security Incident Response delivers ongoing value beyond incident triage.
Rossman emphasized that cloud security today is no longer about sifting through dashboards. It’s about integrating protection directly into the way modern businesses operate.
“Security operations are changing,” he said. “You’re not looking in the rearview mirror anymore. This puts security in your hand every day—not just during an emergency.”
A New Chapter in Cloud Security Partnership
Bernard stressed that CrowdStrike was born in the cloud, built on AWS, and designed from day one to bring intelligence-driven cybersecurity to the modern enterprise. With this new service, that shared origin story between the two companies now enables a new level of security integration.
“This isn’t just best-of-breed,” said Bernard. “It’s best-of-breed that’s also easiest to use. We’re not forcing anyone into a walled garden. It’s an open pasture—with all the benefits of a tightly integrated experience.”
AWS customers can procure the service directly through the AWS Marketplace, using their existing spending commitments. There’s no need for separate procurement or custom deployment.
Less Friction, More Resilience
For many organizations, the cloud journey has created both opportunity and complexity. The patchwork of tools and services needed to secure hybrid and multi-cloud environments can add operational overhead and leave gaps in visibility.
This new offering is designed to remove those barriers.
“This is a capability that is very unique and bespoke to what AWS offers,” Bernard explained. “It streamlines access to help. And that’s something both of our companies—being customer obsessed—really rally around.”
By embedding CrowdStrike’s Falcon platform directly into the AWS incident response workflow, customers gain not just a tool, but a strategic advantage: faster remediation, continuous protection, and a more unified security experience.
Why It Matters
As enterprises push deeper into the cloud, their security must be just as agile. Waiting until after a breach is too late. This service empowers organizations to act faster, with fewer roadblocks.
It’s cloud security that “just works,” as Bernard put it—and in cybersecurity, that’s often the hardest thing to achieve.
